The current status in Brazil

As you can see in Tractis Brazil webpage, the country has already passed electronic signature legislation. With the coming in force of Medida provisória 2.200-2, of August 24th, 2001, any document signed with an electronic certificate from any of the Certification Authorities being part of the Brazilian Public Key Infrastructure (ICP-Brasil, see below) is presumed authentic.

In contrast to the large majority of countries, Brazil has adopted a single root national certification system. Thus, the Brazilian Government becomes the “Root Certification Authority” (Root CA) accrediting, supervising and auditing all the rest of Certification Authorities affiliated with them.

The main official bodies in the system are:

The National Institute for Information Technology (ITI) operates under the rules established by a management committee (ICP-Brazil Management Committee) to maintain and audit the Brazilian Public Key Infrastructure (ICP-Brazil). The ITI is a federal agency within the Brazilian Government (Civil House of the Presidency of the Republic).

The ICP-Brazil Management Committee drafts and approves the rules under which the ICP-Brazil operates, including the certifications policies, technical standards and operating standards. Its members are appointed by the President of the Republic himself.

The ICP-Brazil implements the rules approved by the ICP-Brazil Management Committee. ICP-Brazil occupies the first rank of the certification chain in the Brazilian market, the root CA, and, as such, it is incumbent upon them to issue, grant, distribute, revoke and administer the certificates of certification authorities below them.

Support to Serasa Experian

We have started by supporting the electronic certificates issued by AC-Serasa, the Certification Authority owned by Serasa-Experian. To give some background, Serasa-Experian is a company belonging to the Experian group, one of the biggest credit risk and marketing information providers for businesses worldwide.

AC-Serasa provides electronic certificates to individuals (natural person), corporations (legal entities) and equipment (e.g.: servers). In this first integration we have focused on the certificates for individuals:

eCPF A1: Certificates with private key generated and stored in software (a file in your computer). We have given a Tractis Score 3 (Substancial Assurance Level) to these.

eCPF A3: Certificates with private key generated and stored in hardware (a USB device or a card separate from your computer). To these we have asigned a Tractis Score 4 (High Assurance Level).

For these certificates AC Serasa acts as an intermediate certification authority between the Brazilian Tax Authority (Receita Federal do Brasil) and the final user. In other words, To obtain any CPF (“Cadastro de Pessoas Físicas”) certificate it is also necessary to have a registration with the Brazilian Tax Authority. The hierarchy is as follows:

ICP-Brazil (Root Certification Authority).

AC RFB (Brazilian Tax Authority Certification Authority).

AC Serasa RFB (Serasa-Experian Certification Authority).

Final user.

At present, the RFB hierarchy represents between 60 and 70% of all electronic certificates from ICP-Brazil, which makes them the ideal candidate to start supporting their certificates.

With today announcement, Tractis supports 74 certificate profiles from 32 certification authorities in 14 different countries. By the day more and more people can transact their businesses 100% on-line, securely and with full legal validity, regardless of the country they are in, their certificate or the computer operating system they are using.